Skip to content

sqrtZeroKnowledge/Elasticsearch-Exploit-CVE-2023-31419

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

6 Commits
poc
poc
 
 
README.md
README.md
 
 
exploit.py
exploit.py
 
 

Repository files navigation

Elasticsearch StackOverflow vulnerability

A flaw was discovered in Elasticsearch, affecting the _search API that allowed a specially crafted query string to cause a Stack Overflow and ultimately a Denial of Service.

Affected Versions:

Elasticsearch versions from 7.0.0 to 7.17.12 and from 8.0.0 to 8.9.0

Solutions and Mitigations:

The issue is resolved in Elasticsearch 7.17.13 and 8.9.1

CVSSv3: 6.5 (Medium) - AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE ID: CVE-2023-31419

Ref: Link

Proof-of-concept

DoS.mp4

About

Elasticsearch Stack Overflow Vulnerability

Resources

Readme
Activity

Stars

18 stars

Watchers

1 watching

Forks

6 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages